Stay Secure with the Latest Linux Advisories

security advisoryupdatecritical

Fedora 29: FEDORA-2019-24217abfdf Critical: CNI Portmap Rule Injection

Resolves: #1715758 - CVE-2019-9946. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-24217abfdf 2019-06-15 01:20:44.740775 --------------------------------------------------------------------------------Name : containernetworking-plugins Product : Fedora 29 Version : 0.7.5 Release : 1.fc29 URL : https://github.com/containernetworking/plugins Summary : Libraries for writing CNI plugin Description : The CNI (Container Network Interface) project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. --------------------------------------------------------------------------------Update Information: Resolves: #1715758 - CVE-2019-9946 --------------------------------------------------------------------------------ChangeLog: * Fri May 31 2019 Lokesh Mandvekar - 0.7.5-1 - Resolves: #1715758 - CVE-2019-9946 - bump to v0.7.5 - BR: git - remove ExcludeArch: ppc64 * Wed Feb 27 2019 Jason Brooks - 0.7.4-2 - add Provides kubernetes-cni for compatibility with upstream kubelet package * Wed Feb 13 2019 Lokesh Mandvekar - 0.7.4-1 - bump to v0.7.4 * Thu Jan 31 2019 Fedora Release Engineering - 0.7.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1715758 - CVE-2019-9946 containernetworking-plugins: kubernetes: Incorrect rule injection in CNI portmap plugin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1715758 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-24217abfdf' at thecommand line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora 29's container networking plugins receive a crucial security patch addressing severe network rule vulnerabilities.. Containernetworking Plugins, Fedora 29, Critical Update, Network Security, Rule Injection. . Severity: Critical. LinuxSecurity.com Team

Jun 14, 2019 •Critical Fedora